Apache – CVE-2010-0010

Description

Cytrix has detected that the version of Apache HTTP Server being used is vulnerable to a Numeric Error vulnerability (CWE-189).
An incorrect conversion between numeric types was found in the mod_proxy module; it affects some 64-bit architecture systems. This vulnerability is tracked as CVE-2010-0010.

An integer overflow is possible in the “ap_proxy_send_fb” function in proxy/proxy_util.c in mod_proxy in the version of the Apache HTTP Server being used.
This allows remote origin servers to cause a Denial of Service (by enacting a “daemon crash”) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow. This will decrease performance and interrupt the availability of resources.
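The class of flaw described above, a chunk size held in a wide type and narrowed before its bounds check, shown beside a hardened form. This is an added illustration, not the code from proxy_util.c; the function names, the 8192-byte buffer size and the sample strings are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define IOBUF 8192 /* assumed buffer size for this illustration */

/* Flawed pattern: the chunk size is parsed into a 64-bit type (what `long`
 * is on LP64 systems) and narrowed to int before the bounds check.
 * Returns the length that would be passed on to a read/copy call. */
size_t unsafe_chunk_len(const char *hex)
{
    long long remaining = strtoll(hex, NULL, 16);
    int n = (int)remaining;   /* upper 32 bits are discarded */
    if (n > IOBUF)            /* a negative n slips past this signed check */
        n = IOBUF;
    return (size_t)n;         /* -1 becomes SIZE_MAX */
}

/* Hardened form: validate the parse, reject negatives, and clamp while the
 * value is still in the wide type. Returns 0 on success, -1 if rejected. */
int safe_chunk_len(const char *hex, size_t *out)
{
    char *end;
    errno = 0;
    long long remaining = strtoll(hex, &end, 16);
    if (errno != 0 || end == hex || *end != '\0' || remaining < 0)
        return -1;
    *out = remaining > IOBUF ? (size_t)IOBUF : (size_t)remaining;
    return 0;
}

int main(void)
{
    /* Constructed chunk-size strings, not captured traffic. */
    const char *samples[] = { "1000", "ffffffff", "-1", "zz" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t len = 0;
        int rc = safe_chunk_len(samples[i], &len);
        printf("%-9s unsafe=%zu safe=%s%zu\n", samples[i],
               unsafe_chunk_len(samples[i]), rc ? "rejected " : "", len);
    }
    return 0;
}
```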

Also, there’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2010-0010, upgrade the version of Apache HTTP Server being used to 1.3.42.

Some claim that Apache HTTP Server versions 2 and higher are unaffected by it; upgrade according to your personal preference.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010

https://cwe.mitre.org/data/definitions/189.html
